Re: Remove Content-Location header in IIS 6.0

From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 10/31/04


Date: Sun, 31 Oct 2004 12:28:42 +0800

It is FREE!
http://msmvps.com/bernard/archive/2004/06/11/7976.aspx

Hotfix is ALWAYS FREE :)

Just ring them.

-- 
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Jacob Lane, MCP" <jacoblanemcp@yahoo.com> wrote in message
news:e0AOQWuvEHA.3320@TK2MSFTNGP14.phx.gbl...
> All,
>
> [ For background with the security concern surrounding the Content-Location
> tag in the HTTP header in multiple flavors of IIS, read:
> http://support.microsoft.com/?id=218180. ]
>
> As the article above indicates, there are ways to alter this tag in IIS 4.0
> and 5.0 but until recently, there was no way to cure this on IIS 6.0 -- then
> I found this article: http://support.microsoft.com/?id=834141. The problem
> is, you have to contact Microsoft product support ($99 - $245) to get the
> hotfix code.
>
> I am unsure why I should have to pay hundred(s) of dollars to get a fix that
> makes my install of IIS more secure. Does someone from MS care to comment?
>
> In addition, before anyone replies with a discourse to the effect of " ...
> you know, such fixes are not really the best ways to secure your web
> servers, you should consider X, Y, Z <insert snippet from some SANS white
> paper they just read> ..." I am well aware of the differences between
> security by obscurity and true host hardening. My goal in this case is part
> of a research project aimed at fooling automated tools into thinking that
> ...
>
> An IIS 5.0 web server is really a Netscape Enterprise server ...
> An IIS 6.0 web server is really an Apache web server ...
> Apache web server is really an IIS 4.0 web server ...
>
> you get the idea. This is more than changing HTTP headers, but small things
> like this help depending on the quality of the scanning tool you are trying
> to fool.
>
> Also, if someone already has this hotfix and is willing to share, let me
> know! ;-)
>
> Jake Lane
> jacoblanemcp@nospam.yahoo.com
>
>
>

